Snort mailing list archives

Getting started


From: "Julia A. Case" <julie () MageNet com>
Date: Tue, 31 Jul 2001 17:33:29 -0700

After much to-do with the pcap library I finally got snort to compile and 
install...  I edited the snort.conf file and it seemed to start ok and is 
logging connections to the /var/log/snort directory and I enabled the 
syslog logging and I see activity there...  but I also wanted it to log to 
my MySQL database, but nothing seems to be going there...  Do I have to do 
anything other than set the output database line to the appropriate data?  
Also, the /var/log/messages file is showing a lot of the following lines:

Jul 31 17:26:16 morn snort[18748]: [1:515:2]  MISC source port 53 to <1024 
[Classification: Potentially Bad Traffic   Priority: 2]: 152.163.140.6:53 -> 
66.40.42.215:53

It seems like every request to the DNS server generates one of these 
messages...  Just looked a little odd.

Julia

-- 
[  Julia Anne Case  ] [        Ships are safe inside the harbor,       ]
[Programmer at large] [      but is that what ships are really for.    ]
[   Admining Linux  ] [           To thine own self be true.           ]
[ Windows/WindowsNT ] [ Fair is where you take your cows to be judged. ]
